[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 64-1] curl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package        : curl
Version        : 7.21.0-2.1+squeeze9
CVE ID         : CVE-2014-3613

CVE-2014-3613

     By not detecting and rejecting domain names for partial literal IP
     addresses properly when parsing received HTTP cookies, libcurl can
     be fooled to both sending cookies to wrong sites and into allowing
     arbitrary sites to set cookies for others.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFUJdxJ02K2KlS5mJARAmBJAJ9jbDTVo33TmIGql11widBKqbiEkQCcDIOa
lzNACgkjxqzmxOlFTf/mpCw=
=IOwU
-----END PGP SIGNATURE-----


Reply to: